Principal XSOAR Engineer – Security Orchestration & Automation (Healthcare)

Remote
Posted 4 days ago

This is a 12-month contract-to-hire role focused on maturing a healthcare organization’s Incident Response (IR) capabilities through advanced automation. As a Principal-level engineer, you will be the primary architect for Palo Alto Cortex XSOAR, responsible for taking manual IR processes and transforming them into automated, end-to-end playbooks.

  • Location: 100% Remote (Must reside in CA, OR, WA, CO, GA, VA, MD, or DC).
  • Pay Range: $70/hr – $85/hr.
  • Experience Required: 7+ years in security engineering with a heavy specialization in SOAR.
  • Core Tech Stack: Palo Alto Cortex XSOAR, Splunk, Python.
  • Integrations: CrowdStrike, Proofpoint, Tanium, and Azure.

What You’ll Do: Orchestration and Incident Response Support

The mission of this role is to act as the bridge between raw security data and actionable, automated response. You will work directly with the IR team to identify their “pain points” and solve them through code.

  • Playbook Development: Design, code, and implement complex XSOAR playbooks from scratch. This includes defining the logic for ingestion, enrichment, and automated containment.
  • IR Optimization: Partner with Incident Response analysts to understand their workflows and improve the efficiency of their tooling.
  • Enterprise Integration: Build and maintain integrations between XSOAR and the broader security stack, including CrowdStrike (EDR), Tanium (Endpoint), Proofpoint (Email), and Azure (Cloud).
  • Python Automation: Leverage strong Python coding skills to create custom scripts and integrations that aren’t available out-of-the-box.
  • Data Analysis: Perform extensive analysis on security data to identify trends and opportunities for new automation use cases.

Required Skills and Experience

This is a high-level engineering role requiring a candidate who is as comfortable writing code as they are discussing security strategy with IR leads.

  • SOAR Mastery: 7+ years of experience with a deep focus on Palo Alto Cortex XSOAR (formerly Demisto).
  • Programming: High proficiency in Python is required; experience with Java or C is also beneficial.
  • Ecosystem Knowledge: Strong working knowledge of Splunk (SIEM) and how it feeds into a SOAR platform.
  • Soft Skills: Strong communication skills are essential, as you will be translating analyst needs into technical requirements.

Key Logistics and Benefits

  • Residency Requirement: While the role is remote, you must live in one of the following states for tax/employment purposes: CA, OR, WA, CO, GA, VA, MD, or DC.
  • Contract-to-Hire: This is a 12-month initial term with the intent to convert to a permanent employee.
  • Comprehensive Benefits: Includes four medical plans, 401(k) with match, HSA/FSA, and paid sick leave.

Job Features

Job Category: Healthcare, Information Technology, Security
